<?php
######comment the next line out with a # character, in order to enable password reset########
die('The file resetpassword.php must be edited in order to enable the password reset.');

if (gethostbyaddr($_SERVER['REMOTE_ADDR']) == 'localhost') {

    include_once 'data.php';
    include_once 'functions.php';

    if (!empty($_GET['reset_password']) && !empty($_GET['username']) && !empty($_GET['new_password1']) && !empty($_GET['new_password2'])
	&& $_GET['new_password1'] == $_GET['new_password2']) {

	database_connect($usersdatabase_path, 'users');
	$new_password_query = $dbHandle->quote(md5($_GET['new_password1']));
	$user_query = $dbHandle->quote($_GET['username']);
	$password_changed = $dbHandle->exec("UPDATE users SET password=$new_password_query WHERE username=$user_query");
	$dbHandle = null;
    }

    print '<form action="resetpassword.php" method="GET">';

    print '<table cellspacing="0" class="ui-corner-all alternating_row item-sticker" style="width:70%;margin:5% 15%">';

    print "<tr><td class=\"items ui-corner-top\" style=\"border-bottom:1px solid #CFCECC\"><b>Reset password</b></td></tr>";

    print "<tr><td class=\"items\" style=\"border-top:1px solid #FFFFFF;border-bottom:1px solid #CFCECC\">";

    print "Username:<input type=\"text\" size=\"10\" name=\"username\">
    New Password:<input type=\"password\" size=\"10\" name=\"new_password1\">
    Re-type New Password:<input type=\"password\" size=\"10\" name=\"new_password2\"><br>";

    print "</td></tr>";

    print "<tr><td class=\"items\" style=\"border-top:1px solid #FFFFFF\">";

    print "<input type=\"submit\" name=\"reset_password\" value=\"Change\">";

    if (!empty($_GET['reset_password']) && isset($password_changed) && $password_changed == 1) {
        print 'Password was reset. Go to the <a href="'.$url.'" target="_top">home page</a>.';
    } elseif(!empty($_GET['reset_password'])) {
        print 'Password reset failed!';
    }

    print "</td></tr></table>";

    print '</form><br>';

} else {
    print '<h3>Accessible only from localhost.</h3>';
}
?>
